Negative Connotations - Cyber Security for the Fed

If you've been in the information security industry for even a short time, I'm sure you've observed the fairly even split between individual ideologies regarding the direction of the federal government as it relates to privacy. Before we start, I'd like to say that I believe I can appropriately understand either side, as quite a large portion of my undergraduate work was geared to the balance of privacy and security.

If you're new to the argument, there is quite a divide between those I've self-titled "privacy purists" and "security patriots".

The purists believe that you cannot condone even the slightest invasion of privacy for the sake of personal, intellectual, or political freedom. They make the argument that this country was founded on the ability to peruse the aforementioned values, and thus we cannot be true Americans if we forfeit our founding principles outright.

Moving forward on national security, as demanded by growth in both population and mass communication, many security professionals (security patriots) understand that these ideologies cannot be maintained without sacrifice. Our ability to maintain all of our founding principles rely solely on our ability to maintain national security from outside threats. To this end, the small sacrifice of some privacy may be the requirement to maintain national security.

So, as security professionals, at what point do we draw the line between the understanding the necessity for intellectual freedom and the importance of national security? For those that have worked in a government job, is there any ability to balance one's values for freedom while maintaining a job that could seemingly border on the side of possible abuse? Generally speaking, how would industry professionals view these types of employees when moving out of the public sector back into the private sector? Are there any type of long-standing negative connotations that would be attached to federal employees wanting to move into a research position? What social implications are tied to work with agencies like the NSA?

These questions are rooted in an attempt to better understand the industry, both socially and professionally. I've explored and applied to some positions within the federal government, but prior to committing to anything, I'd like to try and understand the industry viewpoint.

Any thoughts and ideas are appreciated.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

philz1982

FYI, when I use the word you, I am referring to the general populace not the OP.

Many of the folks who are purists as you describe, have never been in combat or seen what the enemy will do to us if they are able. Spying on the public has been around since the founding of this country. You are fooling yourself if you do not believe that those who were siding with the English were not spied upon during the revolutionary war.

The thing with technology is that we have allowed it to be so pervasive that it has spread throughout our society, economy, and personal lives. Thus people feel vulnerable when the "threat" of cyber spying is discussed. In reality the majority of the population doesn't understand how their web browser connects to Facebook and exposes themselves to threats every day by just walking around.

As for people coming from the government into the private sector. I wouldn't look at it from a stigma perspective of views on security. Rather the real area of struggle is dealing with security that is not mandated via a regulatory body. Additionally, many in the Government do not understand the concept of supporting the business financials. The implementation of controls on CAPex and OPex. This is not a dig against government workers.

I know when I left the military, I had a stigma of you can't work people 16 hours a day. You can't tell people to suck it up, you need to be sensitive ect. Additionally, I was used to limitless resources, what is this overtime thing your talking about, I'm paying you to finish the job...

The average person, will consume the data fed to them. If they are told the NSA is bad by MSNBC, FOX news, CNN ect they will blindly follow. All while logging onto a public WiFi in Starbucks and publicly exposing their sessionId's and Cookies to man-in-the-middle attacks.

In reality, I have seen reverse stigmas. I see people from the private sector who come in and can solve a security problem by skipping from A-Z get frustrated by the process and procedures.

I know parts of this weren't exactly what you asked...

-Phil

wolfinsheepsclothing

In my experience, the 'privacy purists' typically lack an in depth understanding of computer systems as a whole (let alone security).

Nersesian

An interesting discussion to be sure. Security patriots in my experience wholly embrace the concept of security for me but not for thee and in turn wind up drinking their own koolaid. This results in some completely backwards public statements fro the same organizations who pioneered the concept of security.

http://www.nytimes.com/2014/10/17/us/politics/fbi-director-in-policy-speech-calls-dark-devices-hindrance-to-crime-solving.html?_r=0

I take umbrage with the justification "you don't know what I've seen in combat" or "I've faced the enemy" (whoever that is) as if this somehow rationalizes a country's policy on warrentless spying on its own citizenry. I'm also immediately suspicious of any argument that invokes "freedom" as a standardized mechanism for justification.

See also: Arguments "for the children" and "If you don't have anything to hide".

I don't want to spin this into a political argument more than it already is, but our current set of infosec policies seem to ignore the context in which we came to our conclusions. Maybe we've done something in our not too distant past to make ourselves a bit more of a target.

People willing to trade their freedom for temporary security deserve neither and will lose both.
-Benjamin Franklin

MSP-IT

Great points, Nersesian.

From what I've seen, it's nearly impossible to draw the line at any point along the argument. To some, education of how the "real world" works may prove to be sufficient in understanding the necessity and importance of security, but I often find myself falling on the side of "err on the side of caution".

It's a truly interesting debate that I feel plays toward political thought very closely.

Cyberscum

This is a very complex question. In the government, a security professional understands their role in the moving parts. It would be impossible for one to make a determination on the overall privacy issue of their job, because of the fact that they cannot see the entire picture. The system is designed to give you vision of your scope of work and nothing more. For instance, I can make the case that what I am doing is wrong and unjust. But I do not know all of the working parts of the project, nor do I know how my small portion of work fits into the complex working machine of the government. You could even go as far as to say that all of the combined moving parts of cyber security play a vital role in international cyber security. So again, for one person to say that what they are doing is infringing on the rights of others is a misjudgment. They could not possibly know what or how they are making a difference in the big picture.

Also, there are horrific and unexplainable things happening in this world all of the time. I worked very closely with an intelligence group and all I can say is this...If people actually realized how horrible humanity has become, they would have different views on everything the NSA, DIA, CIA, FBI and countless other organizations do and why they do it. Ignorance is bliss.

philz1982

Cyberscum wrote: »

Also, there are horrific and unexplainable things happening in this world all of the time. I worked very closely with an intelligence group and all I can say is this...If people actually realized how horrible humanity has become, they would have different views on everything the NSA, DIA, CIA, FBI and countless other organizations do and why they do it. Ignorance is bliss.

Having been combat deployed to ME and Africa, I completely agree with this statement. There's some barbaric stuff just waiting to find it's way here to the US.....

SephStorm

philz1982 wrote: »

Having been combat deployed to ME and Africa, I completely agree with this statement. There's some barbaric stuff just waiting to find it's way here to the US.....

This. And it includes the cyber world. People see news stories about the NSA's TAO organization and stories like the FBI's inditement of PLA 61398. They don't make the connection. There are cyber organizations worldwide who are tasked to infiltrate,degrade, and destroy US information systems. They fail to understand that while they quote famous lines about security and privacy, we can loose it all. Not because "we don't deserve it" but because their are organizations who can destroy it.

Nersesian

- If people actually realized how horrible humanity has become, they would have different views on everything the NSA, DIA, CIA, FBI and countless other organizations do and why they do it.

Appeal to Fear

argumentum in terrorem

(also known as: argumentum ad metum, argument from adverse consequences, scare tactics)
Appeal to Fear

I'm not denying bad things happen to good people. I'm questioning the rationale of the approach, justification and continued (sometimes blind?) support of security policies which may have an unforeseen impact down the road. I consider it a responsibility to question those that have the power to imprison.

dmoore44

It's an interesting dilemma to be sure - one I've struggled with too.

I'll have to disagree with @wolfinsheepsclothing - I don't think the Privacy Purists lack the technical understanding of modern computing systems (take the EFF for example)... I think that their goal is to remain as true to Constitution as possible. The Privacy Purists exhibit a strong connection to their ideological foundation, and as such, they really aren't disposed towards compromise of their principals.

That being said, the Security Patriots also have a strong set of principals. From my experience and observation, the Security Patriots are disposed more towards the "accomplish the mission at any cost" mindset - that is to say, they're willing to compromise on some of the core set of principals they've sworn to defend, and in their minds, the compromise is temporary... The unspoken/unrecognized problem is that once an agent of the government makes a compromise, rarely is it undone.

Cyberscum

Nersesian wrote: »

- If people actually realized how horrible humanity has become, they would have different views on everything the NSA, DIA, CIA, FBI and countless other organizations do and why they do it.

Appeal to Fear

argumentum in terrorem

(also known as: argumentum ad metum, argument from adverse consequences, scare tactics)
Appeal to Fear

I'm not denying bad things happen to good people. I'm questioning the rationale of the approach, justification and continued (sometimes blind?) support of security policies which may have an unforeseen impact down the road. I consider it a responsibility to question those that have the power to imprison.

What I am talking about is not the unjustified imprisonment of citizens or the false sense of terror. What I am talking about is the mutilation, torture, brutality, morbid truth of what the human race has become and the people that keep us in our bubble, sheltered from it.

Don't get it wrong, there are people out there in this world that would relish the opportunity to devour us and our families. If you have never been exposed to this then you just will have a hard time understanding.

Having been exposed to this, I could care less about my privacy. The people that protect me from these animals in the world can have it all. When you bear witness to these acts you see the world in a different, spine chilling light.

bobloblaw

Cyberscum wrote: »

Also, there are horrific and unexplainable things happening in this world all of the time. I worked very closely with an intelligence group and all I can say is this...If people actually realized how horrible humanity has become, they would have different views on everything the NSA, DIA, CIA, FBI and countless other organizations do and why they do it. Ignorance is bliss.

Humanity has not gotten worse, and the average quality of life all over the world is better than it was ~100 years ago. You're pulling an old man "fire and brimstone" speech.

SouthSeaPirate

Nersesian wrote: »

An interesting discussion to be sure. Security patriots in my experience wholly embrace the concept of security for me but not for thee and in turn wind up drinking their own koolaid. This results in some completely backwards public statements fro the same organizations who pioneered the concept of security.

I take umbrage with the justification "you don't know what I've seen in combat" or "I've faced the enemy" (whoever that is) as if this somehow rationalizes a country's policy on warrentless spying on its own citizenry. I'm also immediately suspicious of any argument that invokes "freedom" as a standardized mechanism for justification.

See also: Arguments "for the children" and "If you don't have anything to hide".

I don't want to spin this into a political argument more than it already is, but our current set of infosec policies seem to ignore the context in which we came to our conclusions. Maybe we've done something in our not too distant past to make ourselves a bit more of a target.

People willing to trade their freedom for temporary security deserve neither and will lose both.
-Benjamin Franklin

Exactly what I feel like I needed to say. Great post!

If you knew yesterday, what we know today, you'd be told to put on your tinfoil hat. Im disturbed by how complacent everyone is about all this. Now we're even debating it here and trying to justify it. It is wrong in every way...

This separation of government from people, this widening of the gap, took place so gradually and so insensibly, each step disguised (perhaps not even intentionally) as a temporary emergency measure or associated with true patriotic allegiance or with real social purposes. And all the crises and reforms (real reforms, too) so occupied the people that they did not see the slow motionunderneath, of the whole process of government growing remoter and remoter. - Milton Mayer in reference to **** Germany

To add to the 'nothing to hide argument'; all they had to do was decide you were a criminal, or simply, make it legal (the path we are heading down now).
I recommend watching the United States of Secrets. This will show you even a CIA director wasn’t invulnerable. How much will they care about you

Nersesian

Cyberscum wrote: »

What I am talking about is not the unjustified imprisonment of citizens or the false sense of terror. What I am talking about is the mutilation, torture, brutality, morbid truth of what the human race has become and the people that keep us in our bubble, sheltered from it.

Don't get it wrong, there are people out there in this world that would relish the opportunity to devour us and our families. If you have never been exposed to this then you just will have a hard time understanding.

Having been exposed to this, I could care less about my privacy. The people that protect me from these animals in the world can have it all. When you bear witness to these acts you see the world in a different, spine chilling light.

Yeah, we're probably just going to have to agree to disagree on this one as we seemingly have quite literally opposite perspectives on this. This is perfectly cool with me for what its worth. I do think its a bit condescending to make certain assumptions about someone's life experience based on their opinion of the existing government secpol, be it foreign or domestic. I care quite a bit about my privacy and don't ascribe to the belief that the supposed "protectors" can have it all. It sounds like a bit of a shakedown to me.

"...would be a shame if this whole freedom thing went up in flames. Tells you what, hows about I watch you'se guys and make sure the monsters don't get you. All I'm going to need is...well all of it. You're not a terrorist are you?"

Cyberscum

@Bob
Quality of life has gotten better but suicide rates are higher?

@Ner
Like I said, I just cannot relate to your comments. They almost seem silly to me. Or just lacking real world experiences.

Nersesian

Cyberscum wrote: »

@Bob
Quality of life has gotten better but suicide rates are higher?

@Ner
Like I said, I just cannot relate to your comments. They almost seem silly to me. Or just lacking real world experiences.

To your first point, yes. Regions with a higher quality of life have a higher suicide rate.
Suicide, Homicide, and the Quality of Life: An Archival Study - Lester - 2011 - Suicide and Life-Threatening Behavior - Wiley Online Library

David Lester PhD
Article first published online: 10 JAN 2011

To your second point, I'll take silly.

MSP-IT

Cyberscum wrote: »

... But I do not know all of the working parts of the project, nor do I know how my small portion of work fits into the complex working machine of the government.

Does anyone have a broad view of all the smaller, working parts of the government? And if not, what are the implications of this?

With regards to the other viewpoints regarding the realities of humanity and the protection of freedom, I have little to no experience with either, so I don't necessarily feel at liberty to voice my opinion. Though I really enjoy seeing what others have to say.

Cyberscum

MSP-IT wrote: »

Does anyone have a broad view of all the smaller, working parts of the government? And if not, what are the implications of this?

The implications are that we are being controlled, which I do not deny. We are in a sick and uncontrollably twisted game of survival. We are given the false sense that we can control our small existence in this world, which we cannot. We are all mice on a wheel. We talk about how we can change, but are without action. We quote this and that about freedom, but do not sacrifice for it. We want this and that, like we are entitled to it. There is no right or wrong in this game. If you feel that you are right, then fight against the wrongdoer. Otherwise what is the point of all this talk.

SephStorm

Everything has a balance, and it should. We can't live in a complete security state, but we can't live in a complete constitutionalists state either. And we have to look at todays threats with open eyes and be willing to rise to the task of making hard decisions and being willing to sacrifice for safety if needed. I have no problem with the metadata program. Really I wouldn't have problems with a much more invasive program which was ran the same way. The fact is the program was used to target terrorists. Could it be used for domestic political reasons? Yes, but it hasn't and i've not the slippery slope kind of guy, if it's abused then we deal with that, if not we can live with it.

There are things I do not agree with. The FBI is constantly seeking to backdoor and defeat security. I do not support their efforts. I don't think it is necessary and they have not proven an ability to do right with their powers.

bobloblaw

@Cyberscum - Can I read your manifesto?

Cyberscum

Not mine but I one I live by...

....And totally unrelated

holsteemanifesto.jpg

SouthSeaPirate

SephStorm wrote: »

...if it's abused then we deal with that, if not we can live with it.

Yes, it has been abused many times already. Again, I recommend watching The United States of Secrets. Then you will see it is indeed a slippery slope.

MSP-IT

Cyberscum wrote: »

attachment

... ****.

I love this. I honestly think dispassion is one of the great plagues of the world.

SephStorm

SouthSeaPirate wrote: »

Yes, it has been abused many times already. Again, I recommend watching The United States of Secrets. Then you will see it is indeed a slippery slope.

I understand that. But plain and simple I have faith in people, whether or not you have faith in the government, you can generally trust the people behind the government. The people I work with could cause significant harm, they choose not to. The people of NSA and many other organizations make the same choice every day.

MSP-IT

SephStorm wrote: »

I understand that. But plain and simple I have faith in people, whether or not you have faith in the government, you can generally trust the people behind the government. The people I work with could cause significant harm, they choose not to. The people of NSA and many other organizations make the same choice every day.

Generally speaking, I agree with this.